58a0f24477e5ff0d61e8b144590bec0c00c85645ccec1a75aaf5717fc8ff6d17

Analysis

max time kernel
104s
max time network
118s
platform
android_x64
resource
android-33-x64-arm64-20240514-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240514-enlocale:en-usos:android-13-x64system
submitted
22-05-2024 14:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

upload-simulator-2-mnogo-deneg-15011-androeed.store-0-1703930999.apk
Size

99.4MB
MD5

8b47a931880cdea959ae77f1a285dd57
SHA1

954111d03705fb053c03f6f756f21b440d881105
SHA256

58a0f24477e5ff0d61e8b144590bec0c00c85645ccec1a75aaf5717fc8ff6d17
SHA512

65468e2f40db6279adc2257635325824e40f4a01d1a873023de63930fd6ab2eca866081b904ee3797d43a05c07fe36e1c937b2ee387349bfca838576c1392dd2
SSDEEP

3145728:TyPGuYxrdxtebWVyqk7hZiVztcIN4nbARr:gqjV5YIBcQ4cZ

Score

8^/10

collection credential_access discovery evasion impact

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 3 IoCs
evasion

T1426

Processes:

com.enigmadev.uploadsimulator2

ioc process

/system/app/Superuser.apk com.enigmadev.uploadsimulator2
/sbin/su com.enigmadev.uploadsimulator2
/system/bin/su com.enigmadev.uploadsimulator2
Checks CPU information 2 TTPs 1 IoCs
Checks CPU information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.enigmadev.uploadsimulator2

description ioc process

File opened for read /proc/cpuinfo com.enigmadev.uploadsimulator2
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

com.enigmadev.uploadsimulator2

description ioc process

File opened for read /proc/meminfo com.enigmadev.uploadsimulator2
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
evasion

T1407

Processes:

com.enigmadev.uploadsimulator2

ioc pid process

/data/user/0/com.enigmadev.uploadsimulator2/cache/1689111357674.jar 4377 com.enigmadev.uploadsimulator2
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

T1414

T1641.001

Processes:

com.enigmadev.uploadsimulator2

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.enigmadev.uploadsimulator2
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

T1424

Processes:

com.enigmadev.uploadsimulator2

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.enigmadev.uploadsimulator2
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

com.enigmadev.uploadsimulator2

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.enigmadev.uploadsimulator2
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

com.enigmadev.uploadsimulator2

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.enigmadev.uploadsimulator2
Reads information about phone network operator. 1 TTPs
discovery

T1422
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
evasion

T1628.002

Processes:

com.enigmadev.uploadsimulator2

description ioc process

Framework API call android.hardware.SensorManager.registerListener com.enigmadev.uploadsimulator2
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

com.enigmadev.uploadsimulator2

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.enigmadev.uploadsimulator2

ioc	process
/system/app/Superuser.apk	com.enigmadev.uploadsimulator2
/sbin/su	com.enigmadev.uploadsimulator2
/system/bin/su	com.enigmadev.uploadsimulator2

description	ioc	process
File opened for read	/proc/cpuinfo	com.enigmadev.uploadsimulator2

description	ioc	process
File opened for read	/proc/meminfo	com.enigmadev.uploadsimulator2

ioc	pid	process
/data/user/0/com.enigmadev.uploadsimulator2/cache/1689111357674.jar	4377	com.enigmadev.uploadsimulator2

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.enigmadev.uploadsimulator2

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.enigmadev.uploadsimulator2

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	com.enigmadev.uploadsimulator2

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.enigmadev.uploadsimulator2

description	ioc	process
Framework API call	android.hardware.SensorManager.registerListener	com.enigmadev.uploadsimulator2

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.enigmadev.uploadsimulator2

com.enigmadev.uploadsimulator2
1⤵
- Checks if the Android device is rooted.
- Checks CPU information
- Checks memory information
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Queries the mobile country code (MCC)
- Checks if the internet connection is available
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4377

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.enigmadev.uploadsimulator2/cache/1689111357674.jar
Filesize
10KB

MD5
189d24556179c74f72678b58e01308c1

SHA1
d4ed4dc1b0fb6741c6c9434348b159dbea92e0b4

SHA256
236eb17c5c14261b62630ebdc5830f4a97d3cf0dbc7bd1de98dfd17d55474353

SHA512
27dc7bd75c982173c58d3a02e793616dd6364bbc3d593d1453c5c1cb5dc0ef560b5931a7736ae12c69486fb170ee723bf124747d1b2727a4026281dccbdae9e2

Download Submit
/data/data/com.enigmadev.uploadsimulator2/databases/google_app_measurement_local.db
Filesize
16KB

MD5
da4c81d9a032121236a4ed034c0cc9d9

SHA1
6ea1d3d14a34c4dbe056fc4380747d3970cb3498

SHA256
30b7dde5771b5ef3cb6cd033fa2b1618a0674f41f47c1441855f3da24887a0ff

SHA512
e61d8e6af3d48cc6e95e34568209bc24308db9d751dd1451538907df0e7caa67e329c4615911b0c6614275f3e5cfb2a8a38288f5818487c5d292c18dd857849f

Download Submit
/data/data/com.enigmadev.uploadsimulator2/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
a88373a67f694dcca1420ec5cb213ef8

SHA1
98985b6b848ab7dfc0521170236315c07300d3e1

SHA256
49b76141f58baecef007503ffef5a1385e12ccff85f3152995a8ff7430cc4cac

SHA512
ac0bfb19ce804e1bedff6fce70cd7c7d67d940d88220495ca082cf5c4b7346c9ce8bb8bd18f2c8ee9da2e0555649d7dd323f2486dc03868237a01768097f4c28

Download Submit
/data/data/com.enigmadev.uploadsimulator2/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
973ce0a22919b1e482aa72ee0795a66e

SHA1
1e87347596efa7b1d18aa76a919b56e0f39091a5

SHA256
e5549e116a52e5862f0226ef9a2f7dff24074b0138094886887edb65e2c4bfbe

SHA512
2cca143ac600a4241aee1a7c752e906733cee8318bb17bba90b870f3af49a9c054155b4f1561965cb50557b4c1e10aa8d0f5cc1c62637ec6626efba1375ed68f

Download Submit
/data/data/com.enigmadev.uploadsimulator2/databases/google_app_measurement_local.db-journal
Filesize
512B

MD5
3b58ed022e7e845c8678bd685002d81b

SHA1
78c4c70745767a27c579376b0603470bf3ccbe9b

SHA256
4e13ee56e9afa1a3ca7d7553e178e54b49cdd103fb66ec32748ad92c7f875c39

SHA512
41b715a04e41b932c49f7284d259667c5c13bdff2515648a4092f833dedaea721cd18334e7f33861224435934ac6149cf9ec7f787ab35f720ce661883cac1733

Download Submit
/data/data/com.enigmadev.uploadsimulator2/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
9d06b862da1c04124368a94d9caf5386

SHA1
6795a8511ed266eb44a92394a665d893ae44820d

SHA256
934bc30c3a64b51eb88263ead8cade271f1edbeecec7170dce6134185b1d54b6

SHA512
d147376e856361cbd527fc380145f4dbda5341d325c3c40f719d3157ab2e8387e6639f0a3445781cb2aec73cf449dcb6b038ffa15187409356203ec069c2fa1c

Download Submit
/data/data/com.enigmadev.uploadsimulator2/databases/google_app_measurement_local.db-journal
Filesize
4KB

MD5
2ca58b6b946166b3f2058b29abaea326

SHA1
05b6dbb98689838e9957504afae68a33884e7b38

SHA256
6a939b1cb85dbc51bf5a747eda64dec17578cc29a53a7d0b326c0d3bec8e6454

SHA512
e12dd201da69489bfd21a2e7ceaa3f826de0cf376de510c2316984fa5d94e4e2f1bcdefcecc6a0b22a51061de7640c26bba1a9b52dca0e86d522e5d665029804

Download Submit
/data/data/com.enigmadev.uploadsimulator2/files/al/persistent_postback_cache.json
Filesize
9B

MD5
a5612927e7792641607f093050b775bb

SHA1
99216e1430784a2fc369f81e03a28e5f681735e3

SHA256
4e89c765f879a6052bf02aaed88823281bbeaf0e713f91faecc643d6d31326db

SHA512
3ce4dd5f437b9405ea6e4d6bcb16512c98914b2dd15a01facab5fc68126698cc37e0448fac28408560552e9688ad1b6948e0fb8c9d11f893635d20e970cd9090

Download Submit
/data/data/com.enigmadev.uploadsimulator2/no_backup/androidx.work.workdb
Filesize
4KB

MD5
0eb157e1a86d4d00aa601dd2f6ff3ee3

SHA1
fee434f784e73cc7916322e949f727caf8363102

SHA256
b9a8194b71a046e8c0eb30995827b582b4bea834f630a5df2483b778a7d7d8a4

SHA512
b9b79b8c3af8a3f140df230fd89e95206358ba50ff214e7323a2dbbe2937b795f970e588302ffd5d721318bd597ce0a27af26d6cdb07f45569c30209845082a8

Download Submit
/data/data/com.enigmadev.uploadsimulator2/no_backup/androidx.work.workdb-journal
Filesize
512B

MD5
0336eee9e541af8374b8e7721036facb

SHA1
5205314f1ee5f91c77994288ebc7ed3025e5819a

SHA256
6d8287414ac972b45c95b051e0aee8c1bb778f13cf4f63f5152ae10fd058a710

SHA512
2eec260aaa57d137e444abd4265df9088f1b49e56c53e0182119237a47e5dd7f1816eae54d73546f7ff114c9c64f9ef2a14cadb5580e811089c42ebc6b543b85

Download Submit
/data/data/com.enigmadev.uploadsimulator2/no_backup/androidx.work.workdb-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.enigmadev.uploadsimulator2/no_backup/androidx.work.workdb-wal
Filesize
16KB

MD5
de5977da58547ea1d2a3f1924dc406af

SHA1
93004339d2e6b5dc26869bf5b86f3c58468d2946

SHA256
5c863e494d1573bd533e97f14a2d22243811d292abd899968925591109e542b7

SHA512
2b4eaa11ce4723fae8b48f71b40116dd47f080a7b8b27693a6895060d8e74762680386624fdc6e5479ee1b7eaf8626dd0e0123247385e5693cecd4c2795a7b89

Download Submit
/data/data/com.enigmadev.uploadsimulator2/no_backup/androidx.work.workdb-wal
Filesize
108KB

MD5
a6d76187f4c414a3abb76ef0897e12be

SHA1
626f5e7d18c37d054a74f7bb27deb416f2b7a5e4

SHA256
30efa151b3b2b194c79e5a63aa3fe4aba30439955e95bd9d9bb3fe5036f70b02

SHA512
ef2866d5acf6dbb925055f1d3cffbc3b1abd4d682db1789963b212952bcd53abb25f0d01f21402aa5d4d516c8ed1abdcc4e54db2dd60612381b3ceb3a20367af

Download Submit
/data/user/0/com.enigmadev.uploadsimulator2/cache/1689111357674.jar
Filesize
22KB

MD5
2800ad09ca14a7a986a6e8becbbbb158

SHA1
cff8d824d09296149af1f7f7ad12ebb701f4b8c5

SHA256
5b3ace2783fb2b21f30cd4e20a8645e6bd6d59347c44cbfd11141b0d9afcb33e

SHA512
c315532db47e93c406308f997b1f81876dc4394838b64f93b3afce0748f1cd1c5b5e490856e5c7be0fc7aef063c0f4dcef73de0cc1a712eebc4f80a443cea7d3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads